On 29 Aug 2008, at 19:03, tedd wrote:
At 5:06 PM +0100 8/29/08, Stut wrote:
On 29 Aug 2008, at 16:33, tedd wrote:
I didn't mean to imply laziness, but now that you mentioned it --
on one hand we say that CAPTCHA is good enough until something
else comes along, but on the other hand, because we are using
CAPTCHA, there's no need to develop something else.
I think this is very naive and coming from you tedd it surprises me.
From my perspective, I think it naive to look at this in any other
way.
For example, how much time have you invested in finding a better
way? I'm not pointing a finger at you and saying "You need to drop
everything and come up with a solution before moving on." But I am
saying that you are using a CAPTCHA until someone else comes up with
a better way. Is that not true?
So, in essence my statement above is not naive but rather factual.
Factual is not naive.
Not at all. I spend a fair amount of time thinking about ways to make
my work more secure. I would hope that goes for most developers,
especially if they realise that a CAPTCHA is not 100% effective.
However, this is the way research works. Most people (i.e. the work-a-
day folk) spend most of their time making stuff. The few people who
are lucky enough to either work for a company that gives them time to
do research or actually does it for a living are the ones more likely
to hit upon a new solution.
I don't think this makes us lazy, or wrong, for continuing to use the
current tool - it makes us practical. If I have a eureka moment at any
point rest assured I will put some personal time aside to look into it
(as I have in other areas) and if something comes of it I'd publish it
on my blog.
So, in essence your statement is assumptive, judgemental and sweeping.
That's not factual.
Very few developers have time to put everything on hold because the
tools they have are not 100% effective - I certainly don't. I
really wish I did, but this is the real world where the almighty
pound is king. I'd love to see the faces at the next board meeting
when I say "no progress this month because we've been trying to
come up with something better than CAPTCHA's".
You are missing the point. I'm not telling you to stop anything.
I am saying -- however -- that we continue (myself included) to use
technology that hurts others. That does not justify our actions --
it only provides an excuse.
When you say it hurts others I assume you mean excludes users who, for
whatever reason, cannot pass the CAPTCHA test. I completely agree, but
as far as I know it's only (and I use that word carefully) people with
both visual and audio impairments that you cannot cater for. If you
could you'd render all CAPTCHA implementations I'm aware of pointless.
I completely agree that this is less than ideal, and I really don't
like preventing legitimate potential users from using my sites, but
I'd rather have a usable and clean (yes, most automated posts are
dirty in some way) site than one that nobody wants to use. This is a
choice we have to make otherwise there's no point creating the site at
all.
Holding my hand up now as a lazy developer, the CAPTCHA I have on my
sites is not accessible what with it being simply an image with no
audio alternative. We have plans to switch it to using recaptcha or
implement our own but in terms of priorities it's pretty low for my 2-
man team (myself included).
The best defence against dodgy inputs I've seen so far has been
having a good community on the site who pro-actively look for and
take action against it. Best example I can think of this late in
the day is Wikipedia.
As I see it, I could be wrong, but that's just an example of
"developers" who are not taking the easy way out, but rather trying
to solve the problem by using something other than CAPTCHA, like the
ones I posted earlier.
Yes and no. Wikipedia has its share of problems with spammers, but
they have such a large community of users who are willing and able to
put time into keeping the site clean it works. The same site with a
different type of user profile may not be able to work this way.
As far as it being down to the developer I think you're giving credit
where little is due. It's the user response to the completely open
nature of the original product that prevented them from having to
implement CAPTCHA's to prevent automated posting. Had the community of
users not been so proactive I don't doubt they would have ended up
using them.
Look, we are not in disagreement -- I understand that you have
deadlines and projects that can't be put on hold and all the other
excuses you cite -- actually, so do I. But in the end, we are doing
this at the cost of accessibility for others. We shouldn't lose
sight of that.
I think we do disagree on a fundamental level. You think we've all
given up because we have CAPTCHA's, I believe in the innovative
potential of most developers. We're using CAPTCHA's a lot, and we're
doing it because none of us have come up with anything better yet, but
that certainly doesn't mean we've given up trying.
If your site is free to use I would modify your statement to say...
"CAPTCHA's show the world that you care about the quality of the
content on your site without needing to charge for its use, but
remember that we haven't given up trying to find a better way"
Not quite as catchy as yours, but more accurate. If people need to pay
to use your site then the need for CAPTCHA's is reduced but I'd argue
that in some cases they're still needed.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php